Photo by Lia Trevarthen on Unsplash
Encrypting stored data is a standard best practice for preventing unauthorized access to or use of sensitive information. Encryption takes information stored in a readable format, such as PlainText, then uses mathematical algorithms to scramble it, making it unreadable. Encryption typically requires an encryption key, which is the technology that applies the algorithm that scrambles the data and is also used to make the information readable again. However, the protection no longer works if someone finds the encryption key.
The insecure cryptographic storage vulnerability means you have a problem with one or more of the following:
- Not encrypting all sensitive data
- Improper key storage and management
- Easy to crack encryption algorithms
- Internally-designed, untested algorithm
